CVE-2025-57614
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-02

Last updated on: 2025-09-10

Assigner: MITRE

Description
An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Integer overflow and invalid input vulnerability in the cached method allows an attacker to cause a denial of service or potentially execute arbitrary code. The vulnerability occurs when dimension parameters are zero or exceed i32::MAX, leading to an unchecked cast that violates the underlying C function's preconditions and triggers undefined behavior.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-02
Last Modified
2025-09-10
Generated
2026-06-16
AI Q&A
2025-09-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-57614
EUVD
EUVD-2025-26410
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
meh.schizofreni rust-ffmpeg 0.3.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in rust-ffmpeg 0.3.0 occurs in the cached method, which takes four dimension parameters and casts them unchecked to a signed 32-bit integer. If these parameters are zero or exceed the maximum allowed value (i32::MAX), the cast results in invalid values that violate the underlying C function's requirements. This leads to undefined behavior such as buffer underflows, out-of-bounds memory access, crashes, or memory corruption. Essentially, improper input validation allows an attacker to trigger these unsafe conditions. [1]

Impact Analysis

This vulnerability can cause denial of service by crashing the application or corrupting memory. In some cases, it may allow an attacker to execute arbitrary code due to the undefined behavior triggered by invalid input parameters. This compromises the stability and security of any system using the affected rust-ffmpeg version. [1]

Detection Guidance

This vulnerability can be detected by checking if the rust-ffmpeg version 0.3.0 (after commit 5ac0527) is in use and whether it improperly handles dimension parameters in the cached method, specifically if zero or values exceeding i32::MAX are passed unchecked. Detection involves auditing the source code or runtime behavior for crashes or undefined behavior related to invalid dimension parameters. There are no specific network commands provided, but reviewing logs for crashes or memory corruption when processing media with rust-ffmpeg could indicate exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include validating all dimension parameters passed to the cached method to ensure they are strictly greater than zero and less than or equal to i32::MAX before casting to c_int. If invalid values are detected, the program should panic with a clear error or return an error instead of proceeding. Additionally, updating rust-ffmpeg to a version that includes these validation fixes or applying patches that add these checks will prevent exploitation. Avoid processing inputs with zero or excessively large dimension parameters until patched. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57614. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart